CVE-2026-32276

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

CVE-2026-32300

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41...

CVE-2026-32299

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...

CVE-2026-32277 Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch...

PT-2026-27229

Security Advisory — Cabinet Plugin DOM-based XSS Summary A DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Affected Versions - 1.x series: = 1.35.0, = 2.35.0, = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the Cabinet Plugin list view, DOM-based...